jSQL Injection is an easy-to-use SQL injection tool that lets the user retrieve database information from a remote server.
jSQL Injection offers the following features:
- GET, POST, header, cookie methods
- Normal, error-based, blind, time-based algorithms
- Automatic detection of the best algorithm
- Data retrieval progress
- Proxy setting
- Evasion
For now, jSQL Injection supports only MySQL. It requires the name of the parameter to inject and the URL of the remote server.
If you want to test-drive jSQL Injection, you can save the following PHP code in a script (for example, simulate_get.php), then enter the URL http://127.0.0.1/simulate_get.php?lib= in the first field of the tool and click Connect to access the database. The script is intentionally injectable and uses the legacy mysql_* functions, which were removed in PHP 7.0, so it needs a local PHP 5 test server:
<?php
// Deliberately vulnerable test target: $_GET['lib'] goes into the query unescaped.
mysql_connect("localhost", "root", "");
mysql_select_db("my_own_database");
$result = mysql_query("SELECT * FROM my_own_table where my_own_field = {$_GET['lib']}") # time based
    or die( mysql_error() ); # error based
if(mysql_num_rows($result)!==0) echo" true "; # blind
while ($row = mysql_fetch_array($result, MYSQL_NUM))
    echo join(',',$row); # normal
?>
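For comparison, here is a hardened form of the test script above, as an added example that is not part of the original article or the jSQL project. It binds lib as a query parameter and stops returning database errors to the client, which closes the channels the vulnerable script exposes. It assumes the pdo_mysql extension and the same database, table and field names; the 64-character length limit is an arbitrary assumption.

```php
<?php
// Added example (not from the original article): hardened counterpart
// of simulate_get.php. Assumes pdo_mysql and the same database, table
// and field names as the vulnerable test script.

function find_rows(PDO $pdo, string $lib): array
{
    // The value is sent separately from the SQL text, so it can never
    // change the structure of the query.
    $stmt = $pdo->prepare(
        'SELECT * FROM my_own_table WHERE my_own_field = ?'
    );
    $stmt->execute([$lib]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Plain text output, so stored data is never interpreted as HTML.
header('Content-Type: text/plain; charset=utf-8');

// Reject a missing, array-valued (lib[]=x) or oversized parameter.
// The 64-character limit is an assumption for this example.
$lib = $_GET['lib'] ?? null;
if (!is_string($lib) || $lib === '' || strlen($lib) > 64) {
    http_response_code(400);
    exit("bad request\n");
}

try {
    $pdo = new PDO(
        'mysql:host=localhost;dbname=my_own_database;charset=utf8mb4',
        'root',   // same lab credentials as the script above;
        '',       // use a least-privilege account anywhere else
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares
        ]
    );
    foreach (find_rows($pdo, $lib) as $row) {
        echo implode(',', $row), "\n";
    }
} catch (PDOException $e) {
    // Details go to the server log; the client sees a generic message,
    // so database errors are no longer reflected in the response.
    error_log('simulate_get: ' . $e->getMessage());
    http_response_code(500);
    exit("internal error\n");
}
```

Pointing jSQL Injection at this version of the script is a quick way to confirm that none of the four algorithms is detected any longer.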
To download, please click on this link.
Cheers!
About The Author
This article was written by Sindhia Javed Junejo. She is one of the core members of the RHA team.